DE102011108069A1 - Procedure for securing a transaction - Google Patents

Abstract

The invention relates to a method, a computer program product, a communication terminal and a system for securing a transaction, in particular a payment transaction, between a communication terminal (1) and a server entity (2), wherein the communication terminal (1) has a processor (P) with an unsecured Runtime environment (NZ) and a secure runtime environment (TZ), comprising the steps of: establishing a first communication channel (4) between the communication terminal (1) and the server instance (2); and transmitting (D) transaction-relevant data from the communication terminal (1) to the server entity (2) via the first communication channel (4). In this case, before sending a second communication channel (5) between the browser application (AL) in the unsecured runtime environment (NZ) and a transaction application (TL) in the secure runtime environment (TZ) constructed and at least a portion of the entered transaction-relevant data on the second communication channel (5) to the transaction application (TL). The transaction application (TL) generates confirmation information for securing the transaction from the received part of the transaction-relevant data. This confirmation information is used to release the transaction in the server instance (2).

Description

The invention relates to a method, a computer program product, a communication terminal and a system for securing a transaction, in particular a payment transaction, between a communication terminal and a server instance.

Communication terminals are in the form of a mobile phone, smart phones or personal digital assistants, short PDAs with mobile phone function more frequently to carry out transactions such. Bank transactions, payment transactions, retrieval of data contents, and the like. For this purpose, the communication terminal is in a data communication with a server instance.

A server instance is understood in this application to be an instance remote from the communication terminal. For example, these are hardware or software server instances that provide and provide services and services. For the purposes of the application, in particular an e-service, also referred to as an online shop or webshop, is taken under the term server instance. E-services are all services and activities that are created by computers and interactively offered and executed via electronic media such as the Internet.

For example, an e-service provides goods and digital products on the Internet. The e-service includes software with a virtual shopping cart functionality. The buyer selects the desired product using his communication terminal. It is stored in a virtual shopping cart and marked for payment. Behind this e-service is now a physical business, which actually handles the respective order of the user.

All these e-services require a transaction between the server instance and the communication terminal. This transaction is either a payment transaction, an identification transaction, an authentication transaction, or the like. In particular, a transaction is understood here as a sequence of steps that can be regarded as a logical unit. In the course of the transaction and for the purpose of identification and authentication, a user often provides safety-critical or confidential input data via an input device, such as an input device. As a keyboard, in the user terminal. Subsequently, these input data are sent via the data communication network as transaction-relevant data to the server instance. In the following step, the server instance releases the service or the product, which in the following is understood as transaction release.

Here is the principal problem that both personal or public, equipped with a keyboard and screen mobile communication terminals, such. As smart phone, cell phone or the like, as well as the data communication network are generally uncertain and thus vulnerable to malware. As malware z. As viruses, worms, Trojans, spyware or the like, which can listen to the transaction-relevant data or even manipulate such that instead of the transaction intended by the user of the terminal an unwanted transaction in favor of an unauthorized third party is executed without this for the user , the communication terminal or the server instance can be recognized. If such a transaction is manipulated, it can cause significant damage to the server instance operator and also to the paying user.

In the EP 1 260 077 B1 Therefore, a method is described by which a user of a mobile radio communication terminal confirms a transaction. In this case, an authentication server is included in the transaction system, which is used to secure the transaction by the terminal an offer of the service provider automatically deposited with the authentication server as a transaction confirmation. This is disadvantageous in that even malware can be embedded on the mobile phone, which manipulates the transaction confirmation accordingly. In addition, the additional authentication server makes the system more complex, which incurs extra costs.

For secure transactions over a data communication network, can be used also called Trusted Execution Environment ^® or TrustZone ^® for some time so-called secure runtime environments. These secure runtime environments are used to run safety-critical applications in an isolated, tamper-proof environment.

Previous solutions demand changes on the part of the server instances in their Internet presence in order to integrate the secure runtime environment into the processing of transactions. These changes are, in particular, the provision of further software and / or hardware modules or elaborate certification servers. These changes can be very costly, making transactions using the secure runtime environments less common nowadays.

The invention is therefore based on the object to simplify transactions between communication terminals and server instances. Nevertheless, a high degree of security against manipulation should be given and, in particular, no infrastructural adjustments within the transaction system should be necessary.

The object of the invention is achieved by the measures described in the independent independent claims. Advantageous embodiments are described in the respective dependent claims.

The object is achieved in particular by a method for securing a transaction, in particular a payment transaction, between a communication terminal and a server instance. In this case, the communication terminal comprises a processor with an unsecured runtime environment and a secure runtime environment. For the method, first a first communication channel is established between the communication terminal and the server instance. Finally, transaction-relevant data are sent from the communication terminal to the server instance via the first communication channel. The inventive method is characterized in that prior to the step of sending a second communication channel established between the browser application in the unsecured runtime environment and a transaction application in the secure runtime environment and sent at least a portion of the entered transaction-relevant data via the second communication channel to the transaction application becomes. Before the step of sending, the transaction application generates confirmation information from the received part of the transaction-relevant data. This confirmation information is used to release the transaction. By releasing the transaction is meant in particular a message of the bank instance to the server instance.

Transaction-relevant data are primarily bank transaction data, in particular account number, bank code number, credit card number, credit card expiration date, name of the credit card holder, the check code of the credit card, bank details, transfer amounts and the like. These transaction-relevant data are requested by the server instance and either entered by the user into the communication terminal and / or generated by the transaction application or read from a secure storage area of the secure runtime environment.

The bank instance is an instance that receives the transaction-relevant data from the server instance and compares it with the confirmation information. Following the comparison, the bank instance generates a message to the server instance with the result of the comparison. The server instance can then decide whether to make the service or goods associated with the transaction available to the user.

The bank instance is, for example, a bank that offers paid services for payment, credit and capital transactions.

Furthermore, these transaction-relevant data may be security-critical or confidential data, or data requested to perform the transaction by the server instance, for example personal identification numbers (PIN), transaction numbers (TAN) or other transaction data, such as the amount or purchase order number of a product.

As a communication between terminal and server instance is understood here a signal transmission, which is characterized by the transmitter-receiver model. In this case, information is encoded in characters and transmitted by a transmitter via a communication channel to a receiver.

The first communication channel is in particular a via a mobile network. As a mobile network is understood here a technical infrastructure on which the transmission of signals for mobile communications takes place. In this case, the mobile switching network, in which the transmission and switching of the signals take place between stationary devices and platforms of the mobile radio network, as well as the access network (also referred to as air interface), in which the transmission of the signals between a mobile radio antenna and a mobile terminal takes place, to understand. For example, the "Global System for Mobile Communications", short GSM as a representative of the so-called second generation or the General Packet Radio Service, GPRS short and Universal Mobile Telecommunications System, short UMTS as a representative of the so-called third generation of mobile networks are mentioned here by way of example the third generation, the mobile switching network is extended by the ability of a packet-oriented data transmission, but the radio network is in itself unchanged.

To perform a transaction, transaction-relevant data is sent from the communication device to the server instance.

In particular, the transaction-relevant data may be the date, the amount, a transaction number that uniquely references the transaction or the same. These transaction-relevant data can be retrieved from the server instance at least partially via the first Communication channel have been provided. These transaction-relevant data are sent at least partially via the second communication channel to the transaction application before the step of sending.

In an alternative embodiment according to the invention, at least part of the transaction-relevant data is provided and / or generated by the transaction application.

The transaction-relevant data can be entered in a preferred embodiment of the invention by the user in a browser application in the unsecured runtime environment, wherein before the step of sending at least a portion of the entered transaction-relevant data is sent via the second communication channel to the transaction application. For this purpose, the user inputs in particular the user name, the credit card number, the validity period of the credit card, the check code CVV of the credit card and / or the credit card company.

A browser application is provided for sending the transaction-relevant data to the server instance. Since the browser application was started within the unsecured runtime environment, the browser application is at risk of tampering, so that the transaction-relevant data must be monitored and confirmed to some extent. For this purpose, the second communication channel is set up for the secure runtime environment, the transaction-relevant data is provided at least in part to the secure runtime environment, and a confirmation information is generated within a manipulation-protected environment.

In particular, the browser application has an expansion module, a so-called browser plug-in. This extension module establishes the second communication channel between the browser application in the insecure runtime environment and the transactional application in the secure runtime environment, such that the transactional application in the secure runtime environment receives the part of the entered transactional data to secure the transaction, complements or verifies it if necessary. The second communication channel runs exclusively within the processor. The expansion module monitors the input in the unsecured runtime environment and makes that data available to the secured runtime environment. The TEE has a module at the protocol layer level as intended, which can forward data from the unsecured runtime environment to the secure runtime environment. Such a module is different from the extension module, since the extension module is an extension of the browser login per se, ie a module at the application layer level.

To secure the transaction, the transaction application in the secure runtime environment accesses an input element of the communication terminal. The transmission of the transaction-relevant data to the server instance succeed only after a tamper-proof acknowledgment of the user.

In an advantageous embodiment, the transaction application checks the entered transactional data in the secure runtime environment, in particular for consistency with data stored in the secure runtime environment. This stored data can be stored in a secure memory area or even within a security element, the security element being connected to the secure runtime environment by data communication technology. This communication can be contact or contactless. The security element may be a portable data carrier with appropriate security functionality, such. As a smart card, smart card, token, mass storage card, multimedia card, or the subscriber identification card SIM or, alternatively, an identification data carrier such as an electronic identity card or passport with, stored on a chip machine-readable identification data of the user. The security element is configured in particular as a hardware component and arranged as a firmly integrated component in the mobile terminal, wherein it can not be removed either in the form of the mobile terminal, for example as an M2M module, co-processor. Alternatively, the security element is a software component in the form of a secure storage area in the secure runtime environment.

If inconsistency of the transaction-relevant data with data from the security element is detected, the transaction application displays a corresponding warning message to the user via an output element of the communication terminal. Alternatively or additionally, it prevents the transmission of the transaction-relevant data to the server instance. Thus, the user is tamper-resistant informed or prevents the transaction in case of possible malware attack.

The confirmation information advantageously also contains data of the browser application, in particular data about the first communication channel and / or further transaction-specific data. For example, confirmation information is a URL or the IP address of the server instance. In addition, the location, date and further data identifying the transaction can also be included in the confirmation information.

In an advantageous embodiment, the confirmation information contains, at least in part, information identifying the secure runtime environment. This can be, for example, an identification number assigned once to the secure runtime environment, which has been disclosed to the bank instance. Alternatively, the confirmation information is encrypted with a cryptographic key, the server instance being able to decrypt this confirmation information again. Alternatively, a transaction-relevant date is uniquely linked to the secure runtime environment, this link being communicated to the server instance in advance of the transaction.

In a preferred embodiment, the transaction application in the secure runtime environment builds up a third communication channel to the bank instance and sends the confirmation information to the bank instance before the transaction-relevant data is sent to the server instance. This confirmation information is requested by the server instance. The server instance compares the confirmation information with the transmitted transaction-relevant data and, depending on the comparison, releases or prevents the service associated with the transaction.

In an alternative embodiment, the transaction application encodes the confirmation information into the transaction-relevant data. The transaction-relevant data with the encoded confirmation information are then provided to the browser application. The transaction-relevant data with the encoded confirmation information are sent as transaction-relevant data to the server instance. In particular, the confirmation information is encoded into a user-specific part of the credit card number, thereby generating a changed credit card number. In particular, the changed credit card number is sent to the server instance instead of the credit card number as part of the transaction-relevant data. Since the user has already entered the transaction-relevant data, it is unnecessary to display the changed credit card number again in order not to confuse the user. The server instance recognizes from the changed number that the credit card number contains confirmation information and decodes the credit card number accordingly.

The invention further provides a computer program product that can be loaded directly into the internal memory of a processor within a digital communication terminal and software code sections with which the steps of the method described here are executed when the computer program product is running on the processor.

Furthermore, the object is achieved by a communication terminal with means for carrying out the described method. The terminal has for this purpose a processor unit with an unsecured runtime environment and a secure runtime environment; an input unit for entering transaction-relevant data; an output unit for outputting transaction-relevant data; and a first interface for establishing a first communication channel and transmitting transaction-relevant data. In particular, the terminal has a browser application in the unsecured runtime environment with an expansion module, this expansion module having a second interface for establishing a second communication channel to a transaction application in the secure runtime environment. The transaction application accesses at least portions of the entered transaction-relevant data via the second communication channel to generate acknowledgment information to secure the transaction.

Furthermore, the object is achieved by a system having means for carrying out the described method. The system has a communication terminal described here, a server instance and a bank instance. In particular, the communication terminal has a secure runtime environment. This secure runtime environment is uniquely identifiable by means of a cryptographic key on the system.

The invention or further embodiments and advantages of the invention will be explained in more detail with reference to figures, the figures only describe embodiments of the invention. Identical components in the figures are given the same reference numerals. The figures are not to be considered as true to scale, it can be exaggerated large or exaggerated simplified individual elements of the figures.

Show it:

1 a schematic representation of a trained in a communication device according to the invention processor

2 a schematic representation of a system according to the invention

3 a schematic representation of a first embodiment of the method according to the invention

4 a schematic representation of a 3 alternative embodiment of the method according to the invention

1 shows a in a communication terminal according to the invention 1 trained processor P. The generation of the confirmation information is carried out according to the invention within a secure runtime environment TZ. This secure runtime environment TZ example, an ARM TrustZone ^® in a mobile radio terminal 1 , The ARM TrustZone ^® is a known technology, a protected area is generated with in the processor P, which is used as a secure runtime environment TZ for performing safety-critical applications, so-called Trustlets TL. To this end, the ARM TrustZone ^® is a hardware platform HW a mobile communication device 1 implemented. This hardware platform HW includes access to a display D, a keyboard KB and possibly also to a security element SE, for example a SIM or a mass storage card with security functionality.

A memory area in the communication terminal 1 is divided into an unsecured storage area and a secure storage area and includes a runtime environment. The runtime loads applications AL, also known as applets, and runs them on the hardware platform HW. The basic and basic functions of a runtime environment are reading, writing, sorting and searching files, transporting data over a communication network, control of input elements such as the keyboard KB or a microphone and control of output elements, such as the display KB or a speaker.

In this case, an unsecured runtime environment NZ, also referred to as a normal zone, is executed in the unsecured storage area, whereas in the secure storage area the secured runtime environment TZ is executed. One or more applications AL, also referred to as applets, are stored in the unsecured runtime environment and are started from the normal runtime environment NZ. One or more drivers (= TZ System Driver and TZ API) and an operating system ("Rich OS") are also located in the unsecured memory area. In an attack scenario, in addition to the applications AL, there are also malicious applications in the unsecured runtime environment NZ, which is able to spy on and modify the data entered using the input element KB. In order that the user does not notice the attack, the output element D may also be affected by the attack, so that the user receives incorrect information.

in the secure memory area TZ runs the operating system of the secure runtime environment TRE (= Trust Zone Runtime Environment) and one or more security-related applications, so-called Trustlets TL.

In addition to the in 1 shown ARM TrustZone ^® technology can also be applied other technologies for the isolation of secure runtime environments to the procedure described here. For example, virtualization can take place in a so-called embedded system. For example, products from the companies Trango ^® and Open Kernel Labs ^® can be used.

Part of the invention is an expansion module PI of a browser application. This expansion module, also known as a plug-in, provides a second communication channel 5 between the browser application AL and the transaction application TL for securing the transaction.

In 2 an inventive system is shown with which the transactions can be hedged. Here is the in 1 described communication terminal according to the invention 1 shown again. Like in 1 described, the terminal has 1 a processor P with a secure and an unsecured runtime environment TZ, NZ in addition, an input element KB and an output element D are provided. In order to secure a transaction according to the invention, a browser application AL is again provided with an expansion module PI, which has a second communication channel 5 can build up. In addition, the terminal is 1 equipped with a security element SE, in addition, the secure runtime environment a fourth communication channel 7 can build to take further protective measures, such as checking a user-entered PIN, which is stored in the SE stored as a reference PIN.

The system also includes a server instance 2 , here in the form of a webshop and a bank instance 3 ,

From the server instance 2 For example, information and education services such as e-education, e-learning, e-teaching, e-publishing, e-books, e-zines and e-catalogs or procurement, trading and ordering services such as e-business, e-learning Commerce, e-procurement, e-cash, e-shop, e-intermediary, e-auction or cultural and administrative services such as e-culture, e-government or e-voting offered to the user with his terminal device 1 would like to use. For this purpose, the user starts the browser application AL to a first communication channel 4 to the server instance 2 which takes place, for example, in the form of an http request by the browser application AL.

The browser application AL, also called web browser, is a special application for displaying web pages on the Internet. While the web browser AL is executing in the unsecured runtime environment NZ, the transaction application TL is within the secure runtime environment TZ. Thus, the transaction application TL can not be attacked by malware that may be on the communication terminal 1 are located.

A user who wishes to use the transaction application according to the invention by means of a secure runtime environment TZ must have the expansion module PI installed. This may be done, for example, by the user himself by installing an "app" on the communication terminal 1 done by the user either at a server instance 2 where he wants to purchase services, or at a bank instance 3 where the payment transaction is physically settled.

Preferably, this "App" by the provider of the payment method - hereinafter as a bank instance 3 designated - provided. As part of downloading the "app" or after its installation becomes the bank instance 3 informed about which transaction-relevant data is linked with which secure runtime environment TZ. The transaction-relevant data, in particular the data of the credit card, are identified on the basis of the usual card data, such as owner, number, expiration date, check code, etc. The trusted runtime environment is again uniquely identified by a cryptographic key K _applet generated either in the secure runtime environment and the bank instance 3 has been communicated or alternatively generated by the bank client and made available to the secure runtime environment TZ.

Following the installation of the expansion module PI, an assignment of transaction-relevant data and a clear identification of the secure runtime environment TZ is given at the bank instance. Likewise, the secure runtime environment TZ is aware of the transaction-relevant data.

In addition, the bank instance 3 announced that transactions with the terminal 1 user are secured with the secure runtime environment. This is important to keep in the bank instance 3 incoming payment request from the server instance 2 right in the bank instance 3 can be edited.

According to 3 Now, a first embodiment of the invention will be explained in more detail. For this purpose, a browser application AL builds a first communication channel 4 to the server instance 2 on.

Shopping on the Internet via terminal 1 Now runs as usual for the user: The user selects the service, the product or the goods on the website of the server instance 2 out. The server instance 2 now asks the user in step A to pay for the selected product and therefore outputs an HTML form into which the user should enter the transaction-relevant data, in particular credit card data. Alternatively, the user can automatically use the data from the browser via "auto-complete" or from the Trustlet TL.

The browser plug-in PI recognizes in step B that now a payment process has been triggered and builds a second communication channel 5 to monitor the transactional data entered into the HTML form fields. This can be done either constantly, ie after each keystroke on the input element KB or preferably when submitting the HTML formular, ie when the user has activated the "Send" button in the browser application. If the HTML form is first completely filled out and then the browser plug-in PI is activated to transfer the entered transaction-relevant data to the secure runtime environment TZ (step B), this data already exists in its final form and the user has already indicated that he does not want to change it anymore.

The browser plug-in PI now searches the HTML form fields for transaction-relevant data to be reviewed / monitored. For this purpose, the searched / monitored transaction-relevant data, for example the credit card number, can either be stored in the browser plug-in PI itself, ie in the unsecured runtime environment NZ or in the secure runtime environment TZ. In the latter case, each time an HTML form is submitted, the browser plug-in PI calls the transaction application TL of the secure runtime environment TZ, so that this transaction application TL can search the HTML form fields for the corresponding transaction-relevant data.

If the transaction-relevant data is found in an HTML form field, the submission of the HTML form data by the browser plug-in PI is prevented. Subsequently, the transaction application TL initiates the measures for hedging the transaction, which in 3 is still shown in step B. In addition to the entered transaction-relevant data, the transaction application TL receives from the browser plug-in PI Further data of the browser application, for example the URL ie the website displayed in the browser or the IP address of the server instance 2 , In addition, location, date and other transaction identifying data may also be provided by the browser plug-in to the secure runtime environment TL.

In the simplest case, the transaction application TL now displays a non-manipulatable dialog, for example:
"Do you want the desired transaction? www.serverinstanz.de really execute "

The dialog can now also replay parts of the transaction-relevant data. The output element D can be controlled for this dialog only via the secure runtime environment TZ, so that any output from the secure runtime environment TZ is generated. The user can therefore be sure that the reissuance is tamper-proof. The user can now check the reissue with the transaction-relevant data previously entered into the HTML form and, if the data is inconsistent, stop the transaction at this point. The tamper-protected outputting of data to an output element by means of a secure runtime environment TZ is known, for example, from US Pat DE 10 2011 018 431 , filed on Apr. 21, 2011, by the same assignee, the entire disclosure of which is incorporated herein by reference.

The user of the terminal 1 is now requested to answer the dialogue. The answer is made via an input by means of the input element KB. The input element KB can be controlled for this dialog only via the secure runtime environment TZ, so that any input regarding this dialog is verified by the secure runtime environment TZ. Thus, the dialog can only be answered by a tamper-proof input from the user. The tamper-protected inputting of data by means of a secure runtime environment TZ is known, for example, from US Pat DE 10 2010 052 666.5 , filed on Nov. 26, 2010, by the same Applicant, the entire disclosure of which is incorporated herein by reference.

Instead of a yes / no answer answering the dialog, the user may also be prompted to re-enter portions of the transaction-relevant data, such as amount and credit card verification code. This has two advantages. First, the user becomes aware of the amount to be paid. Is the terminal 1 otherwise secured accordingly, if necessary, the entry of a PIN o. Ä. Can be omitted. Secondly, it is not trivial to include parts of the transaction-relevant data from the large number of different web pages of individual server instances 2 filter out. Thus, this reentry dialog would be an elegant way for the transaction application TL to obtain portions of the transaction relevant data.

Alternatively, the user may also require a PIN or equivalent information, in particular password, or biometric fingerprint.

The transaction application TL generates from the second communication channel 5 received transaction-related data confirmation information that is encrypted with the cryptographic key K _Applet the secure runtime environment TZ. For example, confirmation information is structured as follows: Confirmation Information = enc (URL _Webshop || Amount, K _Applet ) || Credit Card Number

The credit card number is appended without encryption. Alternatively, the confirmation information itself can be re-encrypted, so that nobody can read the credit card number during data transmission.

The transaction application TL sends the confirmation information to the corresponding bank instance 3 For example, a credit card provider. For this purpose, the transaction application TL builds a third communication channel 6 on. This channel 6 can be configured in any manner, for example SMS or via Internet Protocol. This is in 3 represented by step C. The bank instance 3 can easily be found on the basis of the existing credit card number, so that the terminal can build the channel targeted.

To build the channel 6 For example, the Bank Identification Number, BIN for short, is also referred to as issuer identification number IIN. For example, the BIN is used to identify credit and debit cards when routing within ATM networks. Based on the BIN, the card type used and the bank instance 3 who has issued the respective payment card can be identified. A bin has international validity. The exact structure of the BIN is in the norm ISO 7812 described. With a 16-digit credit card number, the first 6 digits represent the BIN. Alternatively, there are BIN search engines, for example, to find out the BIN of an EC / Maestro card. However, this information can also be stored when installing the trustlet TL in TL. This avoids a search.

Thus, the transaction application TL has a list of telephone numbers of the bank instances 3 to an SMS with the confirmation information on the third communication channel 6 transferred to. Becomes the channel 6 alternatively constructed by Internet Protocol IP, the transaction application TL through the BIN has a list of URLs or IP addresses of the bank instances 3 ,

If the confirmation information has been sent to the bank instance, the browser plug-in causes the transaction-relevant data to be sent to the server instance according to step D, whereby, for example, the http request via the first communication channel 4 is sent. The operator of the server instance 2 contacts the bank instance after receiving the transaction-relevant data 3 according to step E of 3 to check the transaction-relevant data and to collect the outstanding amount of money.

The bank instance 3 now checks in step F, if confirmation information of a secure runtime environment TZ is required for the corresponding credit card number. If so, the bank instance compares 3 whether from a secure runtime environment TZ confirmation information with the same transaction-relevant data, such as name and URL of the server instance 2 and the same amount. If the comparison yields a match, the transaction is taken by the bank instance 3 Approved. For this purpose, the server instance in step H receives the result of the comparison, whereby the server instance the product, the goods or the service to the user of the terminal 1 provides.

If the comparison in step F shows that the transaction-relevant data of the server instance does not match the data of the confirmation information, the bank instance can 3 according to step G on the still built channel 6 Ask again or alternatively a third communication channel 6 via the telephone number transmitted with the SMS or alternatively the obtained IP address, in order to ask questions according to step G.

In 4 is one too 3 alternative method of hedging a transaction is shown. Steps A and B are steps A and B of FIG 3 identical.

As in 3 generates the transaction application TL in the secure runtime environment TZ the confirmation information. However, this confirmation information is not sent directly to the bank instance 3 sent (step C the 3 ), but coded into the transaction-relevant data, such as the credit card number.

A credit card number consists of a ten-digit owner-specific part and the six-digit BIN. The six-digit part of the credit card number should remain unchanged, so that a usual plausibility check of the transaction-relevant data, for example on typos, in the server instance 2 can be carried out unchanged.

The owner-specific part of the credit card number is now used to encode the confirmation information. When all ten decimal places of the owner-specific part of the credit card are used for coding, confirmation information with a data amount of about 32 bits can be encoded.

Representative of many possibilities for encode transaction-relevant data as confirmation information in 32 bits, a possibility is explained below, wherein the confirmation information, for example, from the amount to pay and the URL of the server instance 2 consists. This encoding corresponds to the step I of 4 ,

The amount to be paid is expressed in binary form. In a 32-bit data word, with 2 decimal places must be considered, numerical values can be coded over 42 million, because it applies: Maximum number = 2 · exp (32) / 100.

The URL of the server instance 2 is hashed to 32 bits. The result is encrypted with the cryptographic key K _{applet of} the secure runtime environment TZ. Confirmation information = enc (owner-specific part of the credit card number EXOR Amount EXOR Hash (URL _Webshop ), K _Applet )

In contrast to the method according to 3 no further encryption of the confirmation information is necessary here.

The confirmation information thus generated again has 32 bits which is expressed in 10 decimal places. The ten-digit owner-specific part of the credit card number will now be replaced with the ten-digit confirmation information, which will result in a changed credit card number. Subsequently, the check digit of the credit card is recalculated.

The browser plug-in PI receives in step K the 4 the changed credit card number from the transaction application TL of the secure runtime environment TZ and replaces the entered credit card number with the changed credit card number at the appropriate place in the HTML Form field of the browser application Al. Since the user has already pressed the "send" button, it makes sense to suppress the changed credit card number according to step L, so that the user does not see the changed credit card number. This will become the users of the terminal 1 not confused.

The server instance 2 now receives the transaction-relevant data with the encoded confirmation information over the first communication channel according to step D. 4 , The server instance 2 Forwards the received data to the bank instance as usual 3 continue according to step E. The bank instance 3 recognizes on the basis of the transaction-relevant data, for example the owner name, that this transaction-relevant data could have been generated by a transaction application TL of a secure runtime environment TZ and specifically the credit card number contains an encoded confirmation. The bank instance 3 calculated with the previously obtained cryptographic key K _Appelt and the server instance 2 received transaction-relevant data (URL, amount) also the changed credit card number. The calculated changed credit card number matches that of the server instance 2 received changed credit card number, the transaction is released and the server instance 2 informed about the consistency of the data, see step H.

LIST OF REFERENCE NUMBERS

1

Mobile communication terminal, Smart Phone P Processor NZ Unsecured runtime environment TZ Secure runtime environment, Trustzone TZ-ID Identification number of the TZ, K _Applet OS Operating system of the unsecured runtime environment TRE Operating system of the secured runtime environment, MobiCore TL Trustlet, application within the TZ AL Applet, application within the NZ PI plug-in, expansion module of an AL HW Hardware Platform SE Security element KB Keyboard, input element DP display, output element

2

Server instance, webshop

3

Bank instance, payment service provider

4

First communication channel, mobile network

5

Second communication channel, processor internal

6

Third communication channel, mobile network

7

Fourth communication channel, processor-external

A

Start of the payment process

B

Recognize the transaction using a browser plug-in and trigger the check using TZ

C

Confirmation information to payment service providers

D

Sending the transaction-relevant data, credit card data

e

Forward the transaction-relevant data and webshop data

F

Comparison between transaction-relevant data / webshop data and confirmation information

G

Queries for inconsistent data

H

Information about successful payment process

I

Coding of the credit card number with confirmation information (amount, recipient, TZ-ID of the TZ) and receive a changed card number

K

Insert the changed credit card number into (web) browser

L

Suppress the changed credit card number

M

Calculate the changed credit card number based on webshop data and TZ-ID

QUOTES INCLUDE IN THE DESCRIPTION

This list of the documents listed by the applicant has been generated automatically and is included solely for the better information of the reader. The list is not part of the German patent or utility model application. The DPMA assumes no liability for any errors or omissions.

Cited patent literature

• EP 1260077 B1 [0007]
• DE 102011018431 [0061]
• DE 102010052666 [0062]

Cited non-patent literature

• www.serverinstanz.de [0060]
• ISO 7812 [0068]

Claims (17)

Method for securing a transaction, in particular a payment transaction, between a communication terminal ( 1 ) and a server instance ( 2 ), wherein the communication terminal ( 1 ) comprises a processor (P) with an unsecured runtime environment (NZ) and a secure runtime environment (TZ), with the method steps: - establishing a first communication channel ( 4 ) between the communication terminal ( 1 ) and the server instance ( 2 ); Sending (D) transaction-relevant data from the communication terminal ( 1 ) to the server instance ( 2 ) over the first communication channel ( 4 ), characterized in that: before the step of sending, a second communication channel ( 5 ) is established between the browser application (AL) in the unsecured runtime environment (NZ) and a transaction application (TL) in the secure runtime environment (TZ); At least part of the transaction-relevant data via the second communication channel before the step of sending ( 5 ) is sent to the transaction application (TL); - before the step of sending, the transaction application (TL) generates confirmation information for securing the transaction from the received part of the transaction-relevant data; and - this confirmation information for releasing the transaction in the server instance ( 2 ) is used. The method of claim 1, wherein the confirmation information also contains data of the browser application (AL), in particular data on the first communication channel and / or other transaction-specific data. Method according to claim 1 or 2, wherein the transaction-relevant data are entered by the user into a browser application (AL) in the unsecured runtime environment (NZ) and, before the step of sending, at least part of the entered transaction-relevant data via the second communication channel (N). 5 ) is sent to the transaction application (TL). The method of claim 1 or 2, wherein at least a part of the transaction-relevant data by the server instance ( 2 ) are provided via the first communication channel and before the step of transmitting at least a part of the entered transaction-relevant data via the second communication channel ( 5 ) is sent to the transaction application (TL). The method of claim 1 or 2, wherein at least a part of the transaction-relevant data provided by the transaction application (TL) and / or generated. Method according to one of the preceding claims, wherein the transaction application (TL): - checks the transaction-relevant data in the secure runtime environment (TZ); In the case of inconsistencies of parts of the transaction-relevant data ascertained by checking: - the user via an output element (D) of the communication terminal ( 1 ) indicates a warning message; and / or sending (D) the transaction-relevant data to the server instance ( 2 ) stops. Method according to one of the preceding claims, wherein the confirmation information contains a, the secured runtime environment (TZ) uniquely identifying information (TZ-ID, K _Applet ). Method according to one of the preceding claims, wherein: - the transaction application (TL) in the secure runtime environment (TZ) has a third communication channel (TL) 6 ) to the bank instance ( 3 ) builds; and - the confirmation information to the bank instance ( 3 ) is sent using parts of the transaction-relevant data before the transaction-relevant data to the server instance ( 2 ) (D). The method of claim 8, wherein - the server instance ( 2 ) from the communication terminal ( 1 at least partially to the bank instance ( 3 ) sends; The bank instance sends the confirmation information with that of the server instance ( 2 ) compares transmitted transaction-relevant data; and - the bank instance ( 2 ) releases or prevents the transaction depending on the comparison. Method according to one of claims 1 to 7, wherein the transaction application (TL): - encodes the confirmation information into the transaction-relevant data; - provides the transaction-relevant data with the encoded confirmation information of the browser application (AL); and - the transaction-relevant data with the encoded confirmation information as transaction-relevant data to the server instance ( 2 ). The method of claim 10, wherein the acknowledgment information is encoded into a proprietary portion of a credit card number, thereby generating a changed credit card number. The method of claim 11, wherein the changed credit card number instead of the credit card number as part of the transaction-relevant data to the server instance ( 2 ) is sent. Method according to one of the preceding claims, wherein the transaction application (TL) cryptographically encrypts the transaction-relevant data in the secure runtime environment (TZ) by means of a key assigned to this secure runtime environment (TZ). Method according to one of the preceding claims, wherein a bank instance ( 3 ) an affiliation of at least parts of the transaction-relevant data, in particular the credit card number, and the secure runtime environment (TZ) was communicated before the first-time execution of the method. Computer program product which directly enters the internal memory of a processor (P) within a digital communication terminal ( 1 ) and software software sections that perform the steps of any one of claims 1 to 11 when the computer program product is running on the processor (P). Communication terminal ( 1 ) comprising means for performing the method according to one of claims 1 to 14 and comprising: - a processor unit (P) with an unsecured runtime environment (NZ) and a secure runtime environment (TZ); An input unit (KB) for entering transaction-relevant data; An output unit (DP) for outputting transaction-relevant data; A first interface for establishing a first communication channel ( 4 ) and sending (D) transaction-relevant data; characterized in that: - a browser application (AL) in the unsecured runtime environment (NZ) has an expansion module (PI) and this expansion module (PI) has a second interface for setting up a second communication channel (PI) ( 5 ) to a transaction application (TL) in the secure runtime environment (TZ), and - the transaction application (TL) at least to parts of the entered transaction-relevant data via the second communication channel (TL) 5 ) to generate acknowledgment information to secure the transaction. System having means for carrying out the method according to one of claims 1 to 14, comprising: - a communication terminal ( 1 ) according to claim 16; A server instance ( 2 ); and - a bank instance ( 3 ) characterized in that: - the communication terminal ( 1 ) has a secure runtime environment (TZ) and this secure runtime environment (TZ) by means of a cryptographic key to the system unique (TZ-ID) is identifiable.

Images